Express (Distributed operating systems), v8.0 > Reference > Messages
JSAS
JSAS0001I: Security configuration initialized.
Explanation This message is for informational purposes only. Action No action is required.
JSAS0002I: Authentication protocol: {0}
Explanation This message is for informational purposes only. Action No action is required.
JSAS0003I: Authentication mechanism: {0}
Explanation This message is for informational purposes only. Action No action is required.
JSAS0004I: Principal name: {0}
Explanation This message is for informational purposes only. Action No action is required.
JSAS0005I: SecurityCurrent registered.
Explanation This message is for informational purposes only. Action No action is required.
JSAS0006I: Security connection interceptor initialized.
Explanation This message is for informational purposes only. Action No action is required.
JSAS0007I: Client request interceptor registered.
Explanation This message is for informational purposes only. Action No action is required.
JSAS0008I: Server request interceptor registered.
Explanation This message is for informational purposes only. Action No action is required.
JSAS0009I: IOR interceptor registered.
Explanation This message is for informational purposes only. Action No action is required.
JSAS0010E: [{0}] Null reference to Vault. Security may be disabled. Exception: {1}.
Explanation This message indicates that an error occurred when creating a vault instance during initialization of the server. Action Enable security. If security is already enabled, see the problem determination information on the WAS Support Web page: //publib.boulder.ibm.com/infocenter/wasinfo/v8r0/index.jsp?topic=/ ://www.ibm.com/software/webservers/appserv/was/support.
JSAS0011E: [{0}] Java Exception. Exception = {1}
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
JSAS0020E: [{0}] Null reference to LoginHelper. The problem may be an out of memory error. Restart the server machine and try again.
Explanation This message indicates an internal error occurred when trying to create an instance of the LoginHelperImpl class. Action The problem may be an out of memory error. Restart the server machine and try again.
JSAS0025E: [{0}] Null reference to ORB. The problem may be an out of memory error. Restart the server machine and try again.
Explanation This message indicates that a reference to the ORB was null. Action The problem may be an out of memory error. Restart the server machine and try again.
JSAS0026E: [{0}] Exception connecting object to the ORB. Check the SSL configuration to ensure that the SSL keyStore and trustStore properties are set properly. Ensure that the keystore has at least one personal certificate and that the signer for the personal certificate is added to the truststore. Attempt loading the keystore and truststore into WebSphere''s IKeyMan and ensure that the file type specified in the configuration (usually JKS) is the correct file type. Make sure the password specified for the keystore and truststore is valid. Use the same password for both keystore and truststore. {1}
Explanation An internal exception occurred. Your server key ring is not valid, does not contain a server certificate, or cannot be found. Action Check the SSL configuration to ensure that the SSL keyStore and trustStore properties are set properly. Ensure that the keystore has at least one personal certificate and that the signer for the personal certificate is added to the truststore. Attempt loading the keystore and truststore into IKeyMan and ensure that the file type specified in the configuration (usually JKS) is the correct file type. Make sure the password specified for the keystore and truststore is valid. Use the same password for both keystore and truststore.
JSAS0027E: [{0}] ORB data conversion exception. This typically occurs when the ORB is processing a data string with characters that are not consistent with the code pages supported by the ORB. Refer to product documentation for additional information. {1}
Explanation An internal exception occurred. The probable cause is that a data string processed by the ORB, such as the server's realm/name, contains characters that are not consistent with the code pages supported by the ORB. Action Check the security configuration files to ensure that data strings contain only characters from code pages that are supported by the ORB.
JSAS0030E: [{0}] Unable to get Current. Check to ensure the correct Java class files are in the program classpath. Make sure you are not using the wrong version of SAS.JAR. {1}
Explanation This message indicates an internal error occurred when trying to access the Current class via the resolve_initial_references method. Action Check to ensure the correct java class files are in the program class path. Make sure you are not using the wrong version of SAS.JAR.
JSAS0040E: [{0}] Unable to initialize security context. Check to ensure the userid/password is valid. Restart the client and retry the operation.
Explanation The outcome of the init_security_context method is not as expected. This error can be caused by any secure association issues with the target server. There are times when this is benign such as for method invocations that do not require security. Action Check to ensure the user name and password are valid. Restart the client and retry the operation.
JSAS0051E: [{0}] Invalid authentication target. Verify that the security configuration has a valid authentication target selected.
Explanation The authentication target is not of the type BasicAuth, LocalOS or LTPA. Sometimes only LocalOS or LTPA are valid authentication targets for certain methods. Action Verify that the security configuration has a valid authentication target selected.
JSAS0052E: [{0}] Invalid credential token. Retry the operation after a few minutes. If using request_login for Domino, ensure that Domino/WebSphere SSO is setup correctly. {1}
Explanation The credential token is null, expired, or has been tampered with. Since the token is digitally signed, any modification of the bytes in the token will not verify. The most common reason for this error is due to a null token. Action Retry the operation after a few minutes. If using the request_login method for Domino, confirm that the Domino and WebSphere Signle Sign On (SSO) configuration has been configured correctly.
JSAS0053E: [{0}] Unable to validate credential token. Retry the operation after a few minutes. If using request_login for Domino, ensure that Domino/WebSphere SSO is setup correctly.
Explanation The credential token is null, expired, or has been tampered with. Since the token is digitally signed, any modification of the bytes in the token will not verify. The most common reason for this error is due to a null token. Action Retry the operation after a few minutes. If using request_login for Domino, ensure that the Domino and WebSphere Signle Sign On (SSO) configuration has been configured correctly.
JSAS0054E: [{0}] Unable to set invocation credentials. Retry the operation. Ensure the program is creating the credential properly before setting it as the invocation credential. You may need to restart the client or server which has the invalid credential. {1}
Explanation This error could occur for one of the following reasons: the credential is null, the credential is not a subtype of org.omg.SecurityLevel2.Credentials, the credential has been marked invalid during a failed login attempt, or when the security server was unavailable. Action Retry the operation. Ensure the program is creating the credential properly before setting it as the invocation credential. You may need to restart the client or server which has the invalid credential.
JSAS0060W: [{0}] Unable to build security context. Occasionally, problems with the client and/or server configuration is responsible for these errors. Often it''s related to SSL connections not being created. This could be due to invalid settings in the security configuration. The SAS.JAR may not be specified in the classpath or is not the same version as the server. The JDK you are using must also have the JSSE extension classes in /java/jre/lib/ext directory. The java.security file must include the IBMJCE provider.
Explanation This message indicates that the building of the security context was not successful. This exception can occur when the session cannot be found in the session table, or a java runtime exception occurs. Action Occasionally, problems with the client or server configuration is responsible for these errors. This exception commonly occurs when SSL connections are not being created. That could be because of settings that are not valid in the security configuration, the sas.jar file might not be specified in the class path or the serer versions might be different. Confirm that the JDK you are using has the Java Secure Socket Extension (JSSE) extension classes in the /java/jre/lib/ext directory and that the java.security file includes the IBMJCE provider.
JSAS0070E: [{0}] Unable to complete secure association at the client. Retry the client program after a few minutes wait. {1}
Explanation An attempt to communicate with the server was not successful. Action Confirm that your server is running and that the port and host configurations are correct.
JSAS0071E: [{0}] NO_PERMISSION caught, unable to complete secure association at the client. Retry the client program after a few minutes wait. Ensure that the client program is using the correct version of SAS.JAR in the classpath. {1}
Explanation An attempt to establish a secure association with the server resulted with a NO_PERMISSION error. Action Retry the client program after a few minutes wait. Ensure that the client program is using the correct version of the sas.jar file in the classpath.
JSAS0100E: [{0}] Null target security name. Verify that the principalName specified in the server configuration is valid.
Explanation The target security object retrieved from a security tagged component in the Interoperable Object Reference (IOR) is null. Action Verify that the principalName field specified in the server configuration is valid.
JSAS0110E: [{0}] Client credentials were not the correct type. Ensure that the client program is correctly following the CORBA programming model. Also, verify that the correct version of SAS.JAR is in the client classpath. {1}
Explanation This indicates that the credentials object being passed to the current object are not Security Authentication Service (SAS) credentials but of some other type or no type was specified. Action Ensure that the client program is correctly following the Common ORB Architecture (CORBA) programming model. Also, verify that the correct version of the sas.jar file is in the client classpath.
JSAS0120E: [{0}] Unable to create SecurityContext object. Try to review the client security configuration file (sas.client.props). If recent changes have been made you may want to undo these changes. {1}
Explanation A problem occurred while trying obtain the security context object when adding a new security session. This typically occurs when the client is trying to login. Action Review the client security configuration file (sas.client.props) for recent changes. If recent changes have been made, you might want to undo these changes for troubleshooting purposes.
JSAS0130E: [{0}] Client credentials were not valid. Restart the client so that it logs in with new credentials. Once client credentials are marked invalid, they must be thrown away and news ones created. {1}
Explanation This message indicates that the client credentials were marked invalid. This could be because the credential token expired, the user name and password were not confirmed, or the security server was not available to verify the user information. Action Restart the client so that it logs in with new credentials. Once client credentials are marked invalid, they must be thrown away and news ones created.
JSAS0150E: [{0}] Unable to find session in session table. Retry the operation. If the error repeats itself, restart the client program. Check the client properties to ensure the login information is correct.
Explanation This error indicates that the session key was not found in the session table. This error may be a result of a different problem. Problems such as an invalid credential or a security service not being available are common causes for this error. Action If the problem persists, check the client properties to ensure the login information is correct and restart the client program.
JSAS0170E: [{0}] Null session handle in session table. Check to see if a server process has terminated just prior to receiving these errors. If a process has terminated, restart the process and retry the operation. Verify that the client userid/password is valid. If the login fails, the session will be deleted on the client side and the credentials will be marked invalid. If a retry occurs, you will likely see this error. Restart the client program after verifying the login info.
Explanation An attempt to access a security session from the session tables on the client or on the server was not successful. The session probably has already been deleted or has not been added. If the login fails, the session will be deleted on the client side and the credentials will be marked invalid. Action Determine if a server process was stopped prior to receiving this error. If a server process was stopped, restart the server process and retry the operation.
JSAS0180E: [{0}] Unable to get PrincipalAuthenticator from Current. Check the security configuration to ensure that the authenticationTarget is set properly.
Explanation The problem is typically related to the security configuration. Action Check the security configuration to ensure that the authenticationTarget is set properly.
JSAS0185E: [{0}] Validation of BasicAuth Token not supported. Check the client code to ensure it''s not calling validate incorrectly. Resubmit the request after waiting a few minutes.
Explanation A BasicAuth token, consisting of only a user name and password, must be authenticated and can not be validated. Action Confirm that the validate method is not being called. The request can be retried after waiting for a few minutes.
JSAS0186E: [{0}] Authentication with BasicAuth Token not supported. Check the client code to ensure it''s not calling the wrong principal authenticator. Resubmit the request after waiting a few minutes.
Explanation Trying to authenticate a BasicAuth token which consists of just a user name and password in either the LTPA or LocalOS PrincipalAuthenticator class. Action Confirm the client code is not calling the wrong principal authenticator. Resubmit the request after waiting a few minutes.
JSAS0190E: [{0}] Invalid or null client security name, unable to authenticate. Verify the information used to login. Retry the operation with a valid userid. If a properties login is performed, check the properties file to ensure a userid has been set.
Explanation The user name passed into the authenticate method was either null or not valid. Action Confirm the operation was performed with a valid user name. If a properties login is performed, confirm the user name has been set in the sas.client.props file.
JSAS0191E: [{0}] Null or empty BasicAuth Token, unable to authenticate. Verify the information used to login. Retry the operation with a valid userid and password. If a properties login is performed, check the properties file to ensure a userid and password has been set.
Explanation The user name or password passed into the authenticate method was either null or not valid. Action Confirm the operation was performed with a valid user name and password. If a properties login is performed, confirm the user name and password have been set in the sas.client.props file.
JSAS0199E: [{0}] Security server could not be initialized. The probable cause for this problem is that the class com.ibm.WebSphereSecurityImpl.SecurityServerImpl cannot be located. This is typically in the wssec.jar file.
Explanation The security server cannot be located. Ensure that the wssec.jar file is located in the classpath. Action The probable cause for this problem is that the class com.ibm.WebSphereSecurityImpl.SecurityServerImpl can not be located. This is typically in the wssec.jar file.
JSAS0200E: [{0}] Attempt to establish a secure association at the target server failed. Check your userid/password to verify the correctness. Retry the operation after a few minutes. Message={1}, ErrorCode={2}
Explanation The attempt to authenticate the client has not been accepted. Action Verify that the user name and password are correct, as an incorrect user name or password is usually the source of the problem. It is also possible that the security server was not available. Retry the opertion after a few minutes.
JSAS0201E: [{0}] Invocation credential realm does not match target''s realm: {0}. If using the SWAM authentication mechanism, you should switch to using LTPA instead for remote IIOP invocations.
Explanation Attempting a remote invocation over the Internet Inter-ORB Protocol (IIOP) using the Simple WebSphere Authentication Mechanism (SWAM) authentication mechanism is not supported. Action Retry the remote invocation using LTPA authentication mechanism configured in Global Security.
JSAS0202E: [{0}] Credential token expired. {1}
Explanation The credential token associated with the user credential has expired. This is expected behavior when using the Lightweight Third-Party Authentication (LTPA). Action Close the client and login again.
JSAS0203E: [{0}] Authentication Failed. Note: The propagation of native registry error information is disabled by default. You may enable it by setting the property "com.ibm.websphere.security.registry.propagateExceptionsToClient=true" from the server''s administrative console by navigating to Security -> Global security -> Custom properties.
Explanation The native registry exceptions do not flow to a pure client for security reasons. If the environment is protected, you may enable this feature. Action Set the property "com.ibm.websphere.security.registry.propagateExceptionsToClient=true" from the server's administrative console menu: Security -> Global Security -> Custom Properties.
JSAS0208E: [{0}] Internal error: system exception.
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
JSAS0240E: [{0}] Login failed. Verify the userid/password is correct. Check the properties file to ensure the login source is valid. If this error occurs on the server, check the server properties to ensure the principalName has a valid realm and userid. {1}
Explanation This message indicates that the attempt at authenticating was not successful. Action Verify the user name and password are correct. Check the sas.client.props properties file to ensure the login source is valid. If this error occurs on the server, check the sas.server.props properties file to ensure the principalName property has a valid realm and user name.
JSAS0241E: [{0}] Attempting to receive LocalOS credential from remote node. LocalOS credentials are only supported on the same node.
Explanation This message indicates that the LocalOS credential is trying to access a resource on a node other than the one it was authenticated on. Action Verify your code to determine if there is a naming lookup or an EJB accessing another node.
JSAS0250E: [{0}] Secure association compromised. Retry the operation. Might want to contact your network administrator to see if any network problems occurred during the time of the errors. Message={1}, ErrorCode={2}.
Explanation The message from the server has been corrupted. This could be due to message tampering or possibly an electrical surge causing the bytes to be rearranged. Action Retry the operation. If this problem persists, contact your network administrator to determine if any network problems occurred when the error occured.
JSAS0300E: [{0}] Invalid message type returned from target. Retry the operation after a few minutes. If the problem persists, there should be messages on the server system which may give a better indication of what the problem is. Further tracing on the server may be necessary. Message: {1}, ErrorCode: {2}.
Explanation The message type sent from the server to the client was not valid. This commonly occurs when an exception is created by the server while processing a request. When this occurs, the request normally does not complete. Action Retry the operation after a few minutes. If the problem persists, there should be messages on the server system which may give a better indication of what the problem is. Further tracing on the server may be necessary.
JSAS0310E: [{0}] Invalid security attribute type, unable to authenticate. Verify the program to ensure that the attribute being accessed is a valid credential attribute. You may need to contact the system administrator to verify that all of the attributes you need have been set in the user registry. {1}
Explanation A security attribute is a value stored in the credential object such as userid or groupid. Either the type trying to be accessed is not a valid credential attribute type or the attribute being accessed is null. Action Verify the program to ensure that the attribute being accessed is a valid credential attribute. You may need to contact the system administrator to verify that all of the attributes you need have been set in the user registry.
JSAS0320E: [{0}] Connection type found in session entry was not valid for this security context. Ensure that the security configuration has the SSL keyStore and trustStore properties specified, and that the keystore file has valid, non-expired certificates.
Explanation The connection type was not SSL. Action Ensure that the security configuration has the SSL keyStore and trustStore properties specified, and that the keystore file has valid, non-expired certificates.
JSAS0340E: [{0}] Invalid communication direction for security feature. Ensure the call to get_security_features passes in org.omg.Security.CommunicationDirection._SecDirectionBoth.
Explanation The communication direction passed into the get_security_features method currently only the supports org.omg.Security.CommunicationDirection._SecDirectionBoth class. Action Ensure the call to the method get_security_features method passes in the org.omg.Security.CommunicationDirection._SecDirectionBoth class.
JSAS0350E: [{0}] Security attribute type is null or invalid. Verify the program to ensure that the attribute being accessed is a valid credential attribute. You may need to contact the system administrator to verify that all of the attributes you need have been set in the user registry. {1}
Explanation A security attribute is a value stored in the credential object such as userid or groupid. Either the type trying to be accessed is not a valid credential attribute type or the attribute being accessed is null. Action Verify the program to ensure that the attribute being accessed is a valid credential attribute. You may need to contact the system administrator to verify that all of the attributes you need have been set in the user registry.
JSAS0355E: [{0}] Duplicate security attribute type specified. Verify the program to ensure that the same attribute is not trying to be retrieved more than once at the same time. {1}
Explanation This error indicates that the same attribute in the credential object is being accessed more than once for a single call to the get_attributes method. Action Ensure that multiple attempts are not being made to retrieve a single attribute at the same time.
JSAS0360E: [{0}] Security attribute list is null. Verify that the list of attributes that is trying to be set is not null. Retry the operation.
Explanation The attribute list was null when the call was made to the set_attributes method on the credential. Action Verify that the list of attributes that is trying to be set is not null. Retry the operation.
JSAS0370E: [{0}] Security attribute list contains null attribute type or attribute family. Verify that the list of attributes that is trying to be set does not contain a null attribute. Retry the operation.
Explanation The attribute list contained an attribute type which was null when the call was made to the set_attributes method on the credential. Action Verify that the list of attributes that is trying to be set does not contain a null attribute type. Retry the operation.
JSAS0380E: [{0}] Security attribute list contains null member. Verify that the list of attributes that is trying to be set does not contain a null attribute. Retry the operation.
Explanation The attribute list contained a member which was null when the call was made to the set_attributes method on the credential. Action Verify that the list of attributes that is trying to be set does not contain a null member. Retry the operation.
JSAS0400E: [{0}] Could not close the key file; processing will continue.
Explanation A java I/O Exception occurred while trying to close the keyfile. Action Processing should continue.
JSAS0402E: [{0}] The standardClaimQOPModels attribute contains an invalid option; using the default value: {1}. Correct the value specified on the standardClaimQOPModels property if you do not want to use Confidentiality.
Explanation The option specified in the standardClaimQOPModels property is not valid. Valid options for this property include Authenticity, Integrity, Confidentiality, and Advanced. Action Correct the value specified on the standardClaimQOPModels property if you do not want to use Confidentiality.
JSAS0403E: [{0}] The delegateCredentials property contains an illegal delegation mode. Correct the value specified on the delegateCredentials property. The default is None.
Explanation Valid delegateCredentials property values include None, Simple, Scoped, Traced, and MethodDefined. Action Correct the value specified on the delegateCredentials property. The default is None.
JSAS0404E: [{0}] The loginTimeout property is out of range. Correct the value so that it falls between 0 and 600 specified in seconds. Currently using the value: {1}
Explanation Ensure the value specified is between 0 and 600 seconds. Action Correct the value so that it falls between 0 and 600 specified in seconds.
JSAS0405E: [{0}] The property contains a non-integer string value; defaulting to {1}. Correct the value specified in the property so that it is an integer number.
Explanation An integer value must be specified for this property. Action Confirm that the value specified in the property is an integer.
JSAS0406E: [{0}] The standardPerformQOPModels attribute contains an invalid option; defaulting to {1}. Correct the value specified on the standardPerformQOPModels property if you do not want to use Confidentiality.
Explanation The option specified in the standardPerformQOPModels property is not valid. Valid options for this property include Authenticity, Integrity, Confidentiality, and Advanced. Action Correct the value specified on the standardPerformQOPModels property if you do not want to use Confidentiality.
JSAS0408E: [{0}] The SSLCredentialsTimeout property is out of range; using the default value of {1}. Correct the value specified in the property so that it is in the valid range.
Explanation The valid range for the SSLCredentialsTimeout property is between 0 and 31,449,600 seconds. Action Correct the value specified in the property so that it is in the valid range.
JSAS0409E: [{0}] The SSLCredentialsTimeout property contains a non-integer string value; using the default value of {1}. Correct the value specified in the property so that it is an integer number.
Explanation An integer value must be specified for this property. Action Confirm that the value specified in the property is an integer.
JSAS0410E: [{0}] The SSLPort property contains a non-integer string value; using the default value of {1}. Correct the value specified in the property so that it is an integer number.
Explanation An integer value must be specified for this property. Action Confirm that the value specified in the property is an integer.
JSAS0411E: [{0}] The SSLV3SessionTimeout property is out of range; using default value of {1}. Correct the value specified so that it is within the valid range.
Explanation The valid range of values for the SSLV3SessionTimeout property is between 0 and 86,400 seconds. Action Correct the value specified so that it is within the valid range.
JSAS0412E: [{0}] The SSLV3SessionTimeout property contains a non-integer string value; using default value of {1}. Correct the value specified in the property so that it is an integer number.
Explanation An integer value must be specified for this property. Action Confirm that the value specified in the property is an integer.
JSAS0413E: [{0}] A problem occurred while processing the security configuration. Verify the data entered in the security configuration is valid. {1}
Explanation A java runtime exception occurred when processing the security configuration. Action Review the security configuration to ensure that all the values are valid.
JSAS0414E: [{0}] The configuration is incorrect; the server may not start or may not function correctly. If you get this error, other errors will have preceded it which describe the problems with the configuration.
Explanation The verification levels are Completeness, Consistency, PassivelyCorrect and ActivelyCorrect. The default for com.ibm.CORBA.verificationLevel is Consistency. The valid verification levels are Completeness, Consistency, PassivelyCorrect and ActivelyCorrect. Based on the level we have selected, the configuration can not be verified as correct. Action This error will be preceded by additional error messages with further information.
JSAS0415E: [{0}] The configuration is incorrect. If you get this error, other errors will have preceded it which describe the problems with the configuration.
Explanation The verification levels are Completeness, Consistency, PassivelyCorrect and ActivelyCorrect. The default for com.ibm.CORBA.verificationLevel is Consistency. The valid verification levels are Completeness, Consistency, PassivelyCorrect and ActivelyCorrect. Based on the level we have selected, the configuration can not be verified as correct. Action This error will be preceded by additional error messages with further information.
JSAS0416E: [{0}] The configuration is in an unknown state. If you get this error, other errors will have preceded it which describe the problems with the configuration.
Explanation The verification levels are Completeness, Consistency, PassivelyCorrect and ActivelyCorrect. The default for com.ibm.CORBA.verificationLevel is Consistency. The valid verification levels are Completeness, Consistency, PassivelyCorrect and ActivelyCorrect. Based on the level we have selected, the configuration can not be verified as correct. Action This error will be preceded by additional error messages with further information.
JSAS0417E: [{0}] The active correctness verification produced a verification result of {1}
Explanation The expected verification result is Success(0). The other possible verification results are Unknown (-1), ConfigIncomplete (1), ConfigInconsistent (2), and ConfigWrong (3). Action This error will be preceded by additional error messages with further information.
JSAS0418E: [{0}] The configuration has not been initialized. Ensure that the security configuration is complete and in the location specified by the com.ibm.CORBA.ConfigURL. This location is typically WASROOT/properties.
Explanation This indicates that the security configuration has not been processed. Action Verify the security configuration is complete in the sas.client.props file, including the location of the file specified by the com.ibm.CORBA.ConfigURL property. The most common location is <was_root>/properties.
JSAS0420E: [{0}] None of the association options have been set. Ensure that at least one of these association options are set.
Explanation At least one of the following association options must be set in the sas.client.props file: DCEClientAssociationEnabled, DCEServerAssociationEnabled, SSLTypeIClientAssociationEnabled, SSLTypeIServerAssociationEnabled, LTPAClientAssociationEnabled, LTPAServerAssociationEnabled, LocalOSClientAssociationEnabled, LocalOSServerAssociationEnabled. Action Ensure that at least one of these association options are set.
JSAS0422E: [{0}] The configuration is incomplete. A preceding message will likely tell you the exact reason why it is incomplete. The likely reasons are no Bootstrap Repository location, no association options selected, or the configuration has not been initialized.
Explanation A verification result of ConfigIncomplete (1) has been returned. Action This error will be preceded by additional error messages with further information. The likely causes for this error are a missing Bootstrap Repository location, no association options selected, or the security configuration has not been initialized.
JSAS0423E: [{0}] The completeness verification produced a verification result of {1}.
Explanation The expected verification result is Success(0). The other possible verification results are Unknown (-1), ConfigIncomplete (1), ConfigInconsistent (2), and ConfigWrong (3). Action This error will be preceded by additional error messages with further information.
JSAS0424E: [{0}] The login source is Properties, however either the userid or password were not specified. Specify a userid on com.ibm.CORBA.loginUserid and password on com.ibm.CORBA.loginPassword if you intend to use the login source of properties.
Explanation This indicates an inconsistency in the configuration because a login source of properties needs to have a userid and password specified. Action Specify a userid on the com.ibm.CORBA.loginUserid property and password on the com.ibm.CORBA.loginPassword password if you intend to use the login source of properties.
JSAS0425E: [{0}] The login source is KeyTable, however the KeyTable file was not specified. Specify a KeyTable file on com.ibm.CORBA.keytabFileName if you intend to use the login source of KeyTable.
Explanation This message indicates an inconsistency in the configuration because a login source of the KeyTable type needs to have a KeyTable file specified. Action Specify a KeyTable file on com.ibm.CORBA.keytabFileName if you intend to use the login source of KeyTable.
JSAS0427E: [{0}] The specified perform-QOP options are not valid. Verify that the above properties are consistent.
Explanation The com.ibm.CORBA.standardPerformQOPModels property is set to advanced. The following properties are not set consistently with that value: performClientAuthentication, performServerAuthentication, performMessageReplayDetection, performMessageOutOfSequenceDetection, performMessageIntegrity, and performMessageConfidentiality. Action Verify that the above properties are consistent.
JSAS0428E: [{0}] The specified claim-QOP options are not valid. Verify that the above properties are consistent.
Explanation The com.ibm.CORBA.standardClaimQOPModels property is set to advanced. The following properties are not set consistently with that value: performClientAuthentication, performServerAuthentication, performMessageReplayDetection, performMessageOutOfSequenceDetection, performMessageIntegrity, and performMessageConfidentiality. Action Verify that the above properties are consistent.
JSAS0429E: [{0}] The configuration is inconsistent. The exact reason of the inconsistency will be in a preceding message.
Explanation This error occurs when a dependency between two configuration options is not met. For example, if an SSL connection is configured but the keystore file does not exist. Action This error will be preceded by additional error messages with further information.
JSAS0430E: [{0}] The consistency verification produced a verification result of {1}
Explanation The expected verification result is Success (0). The other possible verification results are: Unknown (-1), ConfigIncomplete (1), ConfigInconsistent (2), and ConfigWrong (3). Action This error will be preceded by additional error messages with further information.
JSAS0431E: [{0}] The passive correctness verification produced a verification result of {1}
Explanation The expected verification result is Success (0). The other possible verification results are: Unknown (-1), ConfigIncomplete (1), ConfigInconsistent (2), and ConfigWrong (3). Action This error will be preceded by additional error messages with further information.
JSAS0433E: [{0}] The performClientAuthentication is set, but none of the server association options are set. Ensure that at least one of the server association properties are set to true.
Explanation The property com.ibm.CORBA.performClientAuthentication is set. One of the following properties must also be set: SSLTypeIServerAssociationEnabled, SSLTypeIIServerAssociationEnabled, LTPAServerAssociationEnabled, or LocalOSServerAssociationEnabled. Action Ensure that at least one of the server association properties are set to true.
JSAS0435E: [{0}] Credentials are invalid. Login again to get new credentials. Sometimes it is necessary to restart the client and/or server to ensure that you are using new credentials. Once credentials are marked invalid, they cannot become valid again. {1}
Explanation The invalid flag on the credential object has been set to true. This usually means the credential was not accepted by the server when trying to authenticate. A NO_PERMISSION exception has likely been created by the server. Action Log on again to pass new credentials. It might be needed to restart the client and the server to ensure that you are using the new credentials. Once credentials are marked invalid, they cannot become valid again.
JSAS0436E: [{0}] The configuration is ambiguous about which security mechanism to use. Try to review the client or server security configuration files. If recent changes have been made you may want to undo these changes. {1}
Explanation This error indicates that the client or server configuration properties are not valid. Another possibility is that some of the configuration properties are conflicting with each other, as certain properties cannot be set together. Action Review the sas.client.props file or the sas.server.props file for recent changes. If recent changes have been made, you might want to undo these changes for troubleshooting purposes.
JSAS0437E: [{0}] The DCE tagged component was not correctly formed and can not be parsed. Ensure that the server version you are trying to connect to is supported. Make sure the SAS.JAR you are using on the client side is compatible with that of the server.
Explanation A SystemException occurred when parsing the tagged component. Action Confirm that you are connecting to a supported server version. Ensure that the sas.jar file you are using on the client side is compatible with that server.
JSAS0438E: [{0}] Invalid initial reference name. Verify that security is enabled in the client/server configuration (com.ibm.CORBA.securityEnabled=true). Check the client program to ensure that a valid name is passed into "resolve_initial_references". {1}
Explanation This error indicates that the name passed into the "resolve_initial_references" method in the program is not valid or has not been registered. Action Verify that that the com.ibm.CORBA.securityEnabled property is set to true in the client and server configuration. Confirm that a valid name is being passed to the "resolve_initial_references" method in the client program.
JSAS0439E: [{0}] Unable to get Credentials. Verify that the client set the credentials properly before invoking the request. Ensure that the correct userid/password was specified when logging in. {1}
Explanation On the server side, there must be a set of received credentials when communicating over SSL and Mutual Authentication is enabled. Without the received credentials the server will throw a NO_PERMISSION exception. Action Verify that the client set the credentials properly before invoking the request. Ensure that the correct user name and password were specified when logging in.
JSAS0441E: [{0}] ASSOC_ACCEPT message is illegal at the target. Retry the operation after a few minutes. Check the client configuration to ensure there''s nothing out of the ordinary that might be causing an exception to occur.
Explanation The ASSOC_ACCEPT message type is not expected to be received by the target server. Action You should retry the operation after several minutes. Review the sas.client.props file on the client to ensure the settings are all valid.
JSAS0442E: [{0}] ASSOC_REJECT message is illegal at the target. Retry the operation after a few minutes. Check the client configuration to ensure there''s nothing out of the ordinary that might be causing an exception to occur.
Explanation The ASSOC_REJECT message type is not expected to be received by the target server. Action You should retry the operation after several minutes. Review the sas.client.props file on the client to ensure the settings are all valid.
JSAS0443E: [{0}] Request holder service data key for Security Context invalid. Ensure that the correct SAS.JAR is in the server and client classpath. There might be a mismatch between these files on the client and the server. {1}
Explanation The key used to find the security context is not valid. Action Ensure that the correct sas.jar file is in the server and client classpaths.
JSAS0445E: [{0}] Unknown host. An attempt will be made to use the host name, however, if this fails you''ll need to take action. Contact your network administrator to ensure that the hostname and IP address which we have configured on the server is valid. {1}
Explanation The host name could not be converted into the dotted IP address form. Action An attempt will be made to use the host name, however, if this fails you'll need to take action. Contact your network administrator to ensure that the hostname and IP address which we have configured on the server is valid.
JSAS0446E: [{0}] The listening port has not been initialized yet. Check the configuration to ensure there is not a property which inadvertently sets the port to something already using it. Stop the server and wait for about 2 minutes before restarting the server so that all ports that were in use will be released.
Explanation This indicates that the port specified in the server connection data is 0. Action Confirm that a property was not set to a port that is already being used. The server should be stopped. After waiting about 2 minutes to allow the ports to be released, restart the server.
JSAS0447E: [{0}] The security tagged component assistor is not an ObjectImpl and therefore can not be registered with the ORB. Check to ensure we have the same version of SAS.JAR as the server. Check the dates of the file on the server to ensure they match the dates of other JAR files on the server in case a mismatch has occurred.
Explanation The SecurityTaggedComponentAssistorImpl.class file in the SAS.JAR is not valid. Action Ensure that we have the same version of the sas.jar file as on the server. To confirm you are using the correct version, compare the dates to ensure that they match the dates of the other jar files on the server.
JSAS0449E: [{0}] The SSL tagged component was not correctly formed and can not be parsed. Ensure that the server version you are trying to connect to is supported. Make sure the SAS.JAR you are using on the client side is compatible with that of the server. {1}
Explanation A SystemException error occurred when parsing the tagged component. Action Confirm that you are connecting to a supported server version. Ensure that the sas.jar file you are using on the client side is compatible with that server.
JSAS0450E: [{0}] Failed to initialize security context. Have the client verify that the userid/password specified during login is valid. {1}
Explanation This error indicates that a client is trying to establish a secure association with the server but was unable to authenticate. Action Confirm that the user name and password specified during login are valid.
JSAS0451E: [{0}] Credentials do not contain a Public security name. The client should specify a userid and password in most cases in order to get authenticated.
Explanation The public security name is the client's user name. In this case, a user name was not specified. Action The client must specify a user name and password in most cases in order to authenticate.
JSAS0452E: [{0}] The security context is no longer valid. Try to review the client or server security configuration files. If recent changes have been made you may want to undo these changes. {1}
Explanation This error typically occurs when adding a security session on the client or server. Action Review the sas.client.props file and the sas.server.props file for recent changes. If recent changes have been made, you migh want to undo these changes for troubleshooting purposes.
JSAS0453E: [{0}] No credentials could be found identifying the local target. Check the com.ibm.CORBA.PrincipalName, com.ibm.CORBA.LoginUserid, and com.ibm.CORBA.LoginPassword properties to ensure they are valid. For the com.ibm.CORBA.PrincipalName, ensure the correct realm is specified in front of the userid (realm/userid).
Explanation The server credentials could not be found. Action Check the security configuration for the com.ibm.CORBA.PrincipalName, com.ibm.CORBA.LoginUserid, and com.ibm.CORBA.LoginPassword properties to ensure they are all valid. For the com.ibm.CORBA.PrincipalName property, ensure the correct realm is specified in front of the user name.
JSAS0454E: [{0}] Could not create local credentials. Check the security configuration for com.ibm.CORBA.PrincipalName, com.ibm.CORBA.LoginUserid, and com.ibm.CORBA.LoginPassword properties to ensure they are valid. For the com.ibm.CORBA.PrincipalName, ensure the correct realm is specified in front of the userid (realm/userid). {1}
Explanation This error indicates that a login attempt to the server was not successful. Action Check the security configuration for the com.ibm.CORBA.PrincipalName, com.ibm.CORBA.UserID, and com.ibm.CORBA.Password properties to ensure they are all valid. For the com.ibm.CORBA.PrincipalName property, ensure the correct realm is specified in front of the user name.
JSAS0455E: ERROR in {0}: The certificate with alias {1} from keyStore {2} is expired.
Explanation A certificate in the keystore has expired. Action Open the keystore and validate the expiration dates for all the certificates in the keystore. Remove any expired certificates.
JSAS0456W: WARNING in {0}: The certificate with alias {1} from keyStore {2} will be expired in {3} days.
Explanation A certificate in the keystore is about to expire. Action Open the keystore and validate the expiration dates for all the certificates in the keystore. Generate new certificates to replace the certificates that are about to expire.
JSAS0461E: [{0}] Invalid credential token, unable to validate. Retry the operation after a few minutes. If using request_login for Domino, ensure that Domino/WebSphere SSO is setup correctly.
Explanation The credential token is null, expired, or has been tampered with. The token is digitally signed, so any modification of the bytes in the token can not be verified. The most common reason for this error is a null token. Action Retry the operation after a few minutes. If using the request_login method for Domino, confirm that single signon (SSO) between the Domino server and the WebSphere Applpication Server has been configured correctly.
JSAS0462E: [{0}] I/O Error trying to open the security bootstrap repository. Check the property bootstrapRepositoryLocation in the security configuration to be sure it points to a valid filename and location. If the path is correct, rename the file to allow it to recreate a new file. {1}
Explanation An error occurred while opening the file pointed to by the bootstrapRepositoryLocation property. Action Check the bootstrapRepositoryLocation property in the security configuration to be sure it points to a valid filename and location. If the path is correct, rename the file to allow it to recreate a new file.
JSAS0463E: [{0}] I/O Error while processing the security bootstrap repository. Stop the adminserver, rename this file to anything else, restart your adminserver and the file should get recreated. Try running "java com.ibm.ISecurityUtilityImpl.BootstrapRepository %WAS_ROOT%/etc/secbootstrap" to see if it can be read. Make sure %WAS_ROOT% points to the correct WebSphere install path. /WebSphere/AppServer. {1}
Explanation The file pointed to by the BootstrapRepositoryLocation property in the security configuration has been corrupted. Action Stop the server and rename the file pointed to by the BootstrapRepositoryLocation class. After renaming the file, restart your server and the file should get recreated. Try running "java com.ibm.ISecurityUtilityImpl.BootstrapRepository %WAS_ROOT%/etc/secbootstrap" from the command line to see if the new file can be read. Make sure %WAS_ROOT% points to the correct installation path.
JSAS0464E: [{0}] I/O Error while writing the security bootstrap repository. Stop the adminserver, rename this file to anything else, restart your adminserver and the file should get recreated. Try running "java com.ibm.ISecurityUtilityImpl.BootstrapRepository %WAS_ROOT%/etc/secbootstrap" to see if it can be read. Make sure %WAS_ROOT% points to the correct WebSphere install path. {1}
Explanation The file pointed to by BootstrapRepositoryLocation property in the security configuration has been corrupted. Action Stop the server and rename the file pointed to by the BootstrapRepositoryLocation class. After renaming the file, restart your server and the file should get recreated. Try running "java com.ibm.ISecurityUtilityImpl.BootstrapRepository %WAS_ROOT%/etc/secbootstrap" from the command line to see if the new file can be read. Make sure %WAS_ROOT% points to the correct installation path.
JSAS0465E: [{0}] THE SECURITY SERVICE HAS ALREADY BEEN INITIALIZED WITH THIS ORB. The ServiceInit (the call that enables security) will return immediately without reinitializing security multiple times.
Explanation This error indicates that security for this object request broker (ORB) has already been initialized and an attempt to initialize it again is occurring. Action The ServiceInit method, the call that enables security, will return immediately without reinitializing the security. Enable trace to determine what called the ServiceInit method a second time. See the problem determination information on the WAS Support Web page: //publib.boulder.ibm.com/infocenter/wasinfo/v8r0/index.jsp?topic=/ ://www.ibm.com/software/webservers/appserv/was/support.
JSAS0466E: [{0}] An I/O error occurred while processing the message buffer. Retry the operation. {1}
Explanation A java InputStream read error occurred. Action Retry the operation.
JSAS0467E: [{0}] The host address in the IOR is null or blank. Make sure the version of SAS.JAR is valid for the WebSphere release you are running. Restart the server and try the operation again.
Explanation The host address of the server is null as read from the Interoperable Object Reference (IOR) that the server exported. Action Make sure the version of the sas.jar file is valid for the application server you are using. Restart the server and try the operation again.
JSAS0469E: [{0}] The IOR is not correctly formed -- the connection will be refused. Ensure that the client version you are using is supported by the server. Check the SAS.JAR date and size and verify it is the same as that of the server. Check the classpath to ensure it includes the correct version of SAS.JAR.
Explanation There are values in the Interoperable Object Reference (IOR) that require a value but are currently null. This usually indicates that an exception occurred while trying to read them or there is an interoperability problem with another version of the server. Action Ensure that the client version you are using is supported by the server. Check the sas.jar file date and size and verify it is the same as that of the server. Check the classpath to ensure it includes the correct version of SAS.JAR.
JSAS0471E: [{0}] The requestCredsExpiration property is out of range; using the default {1}. Correct the value specified in the requestCredsExpiration property so that it is within the valid range.
Explanation The valid range for the requestCredsExpiration property is between 10 and 524160 minutes. Action Correct the value specified in the requestCredsExpiration property so that it is within the valid range.
JSAS0472E: [{0}] The BasicAuth expiration time is smaller than the ORB request timeout; A method request could take longer than the period over which the requesting credentials will remain valid. If you are setting these properties explicitly, ensure that requestTimeout is smaller than requestCredsExpiration.
Explanation The com.ibm.CORBA.requestCredsExpiration property may not be smaller than the com.ibm.CORBA.requestTimeout property. Action Ensure that the com.ibm.CORBA.requestTimeout property is smaller than the com.ibm.CORBA.requestCredsExpiration property.
JSAS0473E: [{0}] Invalid mechanism type. Check the security configuration to ensure the properties are set correctly. Retry the operation.
Explanation The security mechanism is not a valid mechanism as defined in the mechanism factory. Action Check the security configuration to ensure the properties are set correctly. Retry the operation.
JSAS0475E: [{0}] Invalid expiry time. Check to ensure the value passed into is_valid is not negative.
Explanation The value passed into the is_valid method is negative. Action Ensure the value passed into the is_valid method is not negative.
JSAS0476E: [{0}] Invalid credential type. Ensure that the client authentication target in the client properties is set to a value that the server supports. {1}
Explanation The credential object passed to the server is not a type that the server supports. Action Ensure that the client authentication target in the client properties is set to a value that the server supports.
JSAS0477E: [{0}] Invalid credential. Retry the operation. Ensure the program is creating the credential properly before setting it as the invocation credential. You may need to restart the client or server which has the invalid credential. {1}
Explanation The credential is either null, not a subtype of the org.omg.SecurityLevel2.Credentials class, or marked invalid. The credential could have been marked invalid during a failed log in attempt or when the security server was not available. Action Retry the operation. Ensure the program is creating the credential properly before setting it as the invocation credential. You might need to restart the client or server which has the invalid credential.
JSAS0479E: [{0}] Unable to sleep. Restart the server. {1}
Explanation A java runtime exception occurred while a thread was trying to sleep for a specified number of seconds. Action Restart the server.
JSAS0480E: [{0}] Failed to find the correct entry in key file. Ensure that the property com.ibm.ssl.keyStoreFile is pointing to a keyfile which contains the realm and security name which you are looking for. {1}
Explanation The keyfile entry for the specified realm and security name was not found in the keyfile. Action Ensure that the com.ibm.ssl.keyStoreFile property is pointing to a keyfile which contains the realm and security name that you intended.
JSAS0484E: [{0}] A problem occurred while decoding the loginPassword property. Retype the password on the loginPassword property and restart the program. {1}
Explanation A java runtime exception occurred while decoding the loginPassword property. Action Retype the password on the loginPassword property and restart the program.
JSAS0485E: [{0}] A problem occurred while decoding the keystore password property. Retype the password on the keystore password property and restart the program. {1}
Explanation A java runtime exception occurred while decoding the keystore password property. Action Retype the password on the keystore password property and restart the program.
JSAS0486E: [{0}] A problem occurred while decoding the truststore password property. Retype the password on the trustword password property and restart the program. {1}
Explanation A java runtime exception occurred while decoding the truststore password property. Action Retype the password on the com.ibm. property and restart the program.
JSAS0488E: [{0}] An exception was thrown while registering the request interceptor to the orb. The exception is: {1}
Explanation This error usually indicates a problem with the ORB. Action Confirm that an orb.properties file exists in java/jre/lib directory.
JSAS0489E: [{0}] Unauthenticated credentials can not be sent via Identity Assertion because they are not supported by the configuration.
Explanation The security configuration does not allow for an anonymous identity token. Action Make sure the client gets prompted and enters valid credentials.
JSAS0490E: [{0}] Identity type stored in the credential (Client Authentication Token) does not match the effective policy Identity type (ITTPrincipalName not supported).
Explanation The type of credential is not one that is supported for Identity Assertion. Action Review the client configuration, specifically the authenticationTarget property to ensure it contains a supported value.
JSAS0491E: [{0}] Identity type stored in the credential (Client certificates) does not match the effective policy Identity type (ITTX509CertChain not supported).
Explanation The server does not support certificate based credentials. Action In order to communicate with this downstream server using Identity Assertion, the originating client should try a different authentication mechanism such as BasicAuth.
JSAS0492E: [{0}] Identity type stored in the credential (ITTPrincipalName) does not match the effective policy Identity type (ITTPrincipalName not supported).
Explanation The server does not support principal based credentials. Action In order to communicate with this downstream server using Identity Assertion, the originating client should try a different authentication mechanism such as SSL client certificates.
JSAS0493E: [{0}] Identity type stored in the credential (ITTDistinguishedName) does not match the effective policy Identity type (ITTDistinguishedName not supported).
Explanation The server does not support distinguished name based credentials. Action In order to communicate with this downstream server using Identity Assertion, the originating client should try a different authentication mechanism which is principal based rather than DN based.
JSAS0494E: [{0}] The server''s {1} credentials are NULL.
Explanation The server did not set the credentials during the bootstrap process. Action Try restarting the server. Report the problem to customer support.
JSAS0495E: [{0}] The server''s {1} credentials are invalid. Realm/security_name == NULL.
Explanation The server's credentials are invalid. Action Try to log in again specifying a realm, user name, or both.
JSAS0496E: [{0}] The expiration time for {1} credentials is too short relative to the ORB request timeout and/or the security cache timeout; a method request could take longer than the period over which the credentials will remain valid, or the credentials could expire while in the server cache.
Explanation A method request could take longer than the credential expiration period. Action Either increase the cache timeout or decrease the ORB request timeout.
JSAS0497E: [{0}] A problem occurred while decoding the HardwareTokenPassword property. {1}
Explanation The password for the hardware crypto device could not be decoded properly. Action Go back to the configuration and retype the password.
JSAS0498E: [{0}] The loginSource property contains an illegal option; the default is {1}.
Explanation Valid loginSource options are: prompt, properties, stdin, key file, key table, and none. Action Provide a valid source for the loginSource property.
JSAS0499E: The server ID that is received for identity assertion ({0}) does not match any of the configured and trusted server IDs ({1}).
Explanation The Common Secure Interoperability version 2 (CSIv2) inbound configuration panel does not have the noted server ID configured correctly. Action Verify that the server ID that is listed in the message is added to the trusted server list in the CSIv2 inbound authentication panel.
JSAS0500I: CSIv2 protocol has been enabled.
Explanation This message is for informational purposes only. Action No action is required.
JSAS0501I: Realm name has been set: {1}
Explanation This message is for informational purposes only. Action No action is required.
JSAS0502I: Realm name has not been set.
Explanation This message is for informational purposes only. Action No action is required.
JSAS0503I: Claim stateful has been enabled.
Explanation This message is for informational purposes only. Action No action is required.
JSAS0504I: Claim stateless has been enabled.
Explanation This message is for informational purposes only. Action No action is required.
JSAS0505I: Claim secure transport layer with SSL/TLS required has been set. <claimTransportAssocSSLTLSRequired>: {1}
Explanation This message is for informational purposes only. Action No action is required.
JSAS0506I: Claim secure transport layer with SSL/TLS supported has been set. <claimTransportAssocSSLTLSSupported>: {1}
Explanation This message is for informational purposes only. Action No action is required.
JSAS0507I: No claim secure transport layer has been set.
Explanation This message is for informational purposes only. Action No action is required.
JSAS0508I: Claim client authentication at transport layer required has been set. <claimTLClientAuthenticationRequired>: {1}
Explanation This message is for informational purposes only. Action No action is required.
JSAS0509I: Claim client authentication at transport layer supported has been set. <claimTLClientAuthenticationSupported>: {1}
Explanation This message is for informational purposes only. Action No action is required.
JSAS0510I: No claim client authentication at transport layer has been set.
Explanation This message is for informational purposes only. Action No action is required.
JSAS0511I: Claim message 128-bit SSL/TLS cipher suites required has been set. <claimMessageConfidentialityRequired>: {1}
Explanation This message is for informational purposes only. Action No action is required.
JSAS0512I: Claim message 128-bit SSL/TLS cipher suites supported has been set. <claimMessageConfidentialitySupported>: {1}
Explanation This message is for informational purposes only. Action No action is required.
JSAS0513I: No claim message 128-bit SSL/TLS cipher suites has been set.
Explanation This message is for informational purposes only. Action No action is required.
JSAS0514I: Claim message 40-bit SSL/TLS cipher suites required has been set. <claimMessageIntegrityRequired>: {1}
Explanation This message is for informational purposes only. Action No action is required.
JSAS0515I: Claim message 40-bit SSL/TLS cipher suites supported has been set. <claimMessageIntegritySupported>: {1}
Explanation This message is for informational purposes only. Action No action is required.
JSAS0516I: No claim message 40-bit SSL/TLS cipher suites has been set.
Explanation This message is for informational purposes only. Action No action is required.
JSAS0517I: Claim client authentication required has been set. <claimClientAuthenticationRequired>: {1}
Explanation This message is for informational purposes only. Action No action is required.
JSAS0518I: Claim client authentication supported has been set. <claimClientAuthenticationSupported>: {1}
Explanation This message is for informational purposes only. Action No action is required.
JSAS0519I: No claim client authentication has been set.
Explanation This message is for informational purposes only. Action No action is required.
JSAS0520I: Claim identity assertion supported has been set. <claimIdentityAssertionSupported>: {1}
Explanation This message is for informational purposes only. Action No action is required.
JSAS0521I: No claim identity assertion has been set.
Explanation This message is for informational purposes only. Action No action is required.
JSAS0522I: Perform stateful has been enabled.
Explanation This message is for informational purposes only. Action No action is required.
JSAS0523I: Perform stateless has been enabled.
Explanation This message is for informational purposes only. Action No action is required.
JSAS0524I: Perform secure transport layer with SSL/TLS required has been set. <performTransportAssocSSLTLSRequired>: {1}
Explanation This message is for informational purposes only. Action No action is required.
JSAS0525I: Perform secure transport layer with SSL/TLS supported has been set. <performTransportAssocSSLTLSRequired>: {1}
Explanation This message is for informational purposes only. Action No action is required.
JSAS0526I: No perform secure transport layer has been set.
Explanation This message is for informational purposes only. Action No action is required.
JSAS0527I: Perform client authentication at transport layer required has been set. <performTLClientAuthenticationRequired>: {1}
Explanation This message is for informational purposes only. Action No action is required.
JSAS0528I: Perform client authentication at transport layer supported has been set. <performTLClientAuthenticationSupported>: {1}
Explanation This message is for informational purposes only. Action No action is required.
JSAS0529I: No perform client authentication at transport layer has been set.
Explanation This message is for informational purposes only. Action No action is required.
JSAS0530I: Perform message 128-bit SSL/TLS cipher suites required has been set. <performMessageConfidentialityRequired>: {1}
Explanation This message is for informational purposes only. Action No action is required.
JSAS0531I: Perform message 128-bit SSL/TLS cipher suites supported has been set. <performMessageConfidentialitySupported>: {1}
Explanation This message is for informational purposes only. Action No action is required.
JSAS0532I: No perform message 128-bit SSL/TLS cipher suites has been set.
Explanation This message is for informational purposes only. Action No action is required.
JSAS0533I: Perform message 40-bit SSL/TLS cipher suites required has been set. <performMessageIntegrityRequired>: {1}
Explanation This message is for informational purposes only. Action No action is required.
JSAS0534I: Perform message 40-bit SSL/TLS cipher suites supported has been set. <performMessageIntegritySupported>: {1}
Explanation This message is for informational purposes only. Action No action is required.
JSAS0535I: No perform message 40-bit SSL/TLS cipher suites has been set.
Explanation This message is for informational purposes only. Action No action is required.
JSAS0536I: Perform client authentication required has been set. <performClientAuthenticationRequired>: {1}
Explanation This message is for informational purposes only. Action No action is required.
JSAS0537I: Perform client authentication supported has been set. <performClientAuthenticationSupported>: {1}
Explanation This message is for informational purposes only. Action No action is required.
JSAS0538I: No perform client authentication has been set.
Explanation This message is for informational purposes only. Action No action is required.
JSAS0539I: Perform identity assertion supported has been set. <performIdentityAssertionSupported>: {1}
Explanation This message is for informational purposes only. Action No action is required.
JSAS0540I: No perform identity assertion has been set.
Explanation This message is for informational purposes only. Action No action is required.
JSAS0541I: Trusted principal list should be defined for Identity Assertion. <claimIdentityAssertion>: {1}. TrustedPrincipalList is not defined.
Explanation This message is for informational purposes only. Action No action is required.
JSAS0542I: Claim transport security mechanism should be defined when claim transport client auth is enabled. <claimTLClientAuthenticationRequired>: {1}, <claimTLClientAuthenticationSupported>: {2}, <claimTransportAssocSSLTLSRequired>: {3}, <claimTransportAssocSSLTLSSupported>: {4}
Explanation This message is for informational purposes only. Action No action is required.
JSAS0543I: Claim transport security mechanism should be defined when claim transport QOP is enabled. <claimTransportAssocSSLTLSRequired>: {1}, <claimTransportAssocSSLTLSSupported>: {2}, <claimMessageConfidentialityRequired>: {3}, <claimMessageConfidentialitySupported>: {4}, <claimMessageIntegrityRequired>: {5}, <claimMessageIntegritySupported>: {6}.
Explanation This message is for informational purposes only. Action No action is required.
JSAS0544I: <claimIdentityAssertionSupported> is not applicable in client configuration. Disabled the property.
Explanation This message is for informational purposes only. Action No action is required.
JSAS0545I: <performIdentityAssertionSupported> is not applicable in client configuration. Disabled the property.
Explanation This message is for informational purposes only. Action No action is required.
JSAS0546I: <performIdentityAssertionRequired> is not applicable in client configuration. Disabled the property.
Explanation This message is for informational purposes only. Action No action is required.
JSAS0547I: Perform transport security mechanism should be defined when perform transport client auth is enabled. <performTLClientAuthenticationRequired>: {1}, <performTLClientAuthenticationSupported>: {2}, <performTransportAssocSSLTLSRequired>: {3}, <performTransportAssocSSLTLSSupported>: {4}.
Explanation This message is for informational purposes only. Action No action is required.
JSAS0548I: Perform transport security mechanism should be defined when perform transport QOP is enabled. <performTransportAssocSSLTLSRequired>: {1}, <performTransportAssocSSLTLSSupported>: {2}, <performMessageConfidentialityRequired>: {3}, <performMessageConfidentialitySupported>: {4}, <performMessageIntegrityRequired>: {5}, <performMessageIntegritySupported>: {6}
Explanation This message is for informational purposes only. Action No action is required.
JSAS0549I: Coalescing client config with server security mechanism
Explanation This message is for informational purposes only. Action No action is required.
JSAS0550I: Evaluation of the transport layer failed.
Explanation This message is for informational purposes only. Action No action is required.
JSAS0551I: Evaluation of the message layer failed.
Explanation This message is for informational purposes only. Action No action is required.
JSAS0552I: Evaluation of the identity assertion layer failed.
Explanation This message is for informational purposes only. Action No action is required.
JSAS0600E: CSIv2 Tagged Component is NULL.
Explanation The Interoperable Object Reference (IOR) from the server does not contain a Common Secure Interoperability version 2 (CSIv2) tagged component. Action The server might need to be restarted. Also the check the client configuration and redeploy the object.
JSAS0601E: The CSIv2 client configuration does not support SECIOP.
Explanation The implementation does not support Secure Inter-ORB Protocol (SECIOP). Action Communication to a server over SECIOP is not valid. We must communicate to the server over IIOP.
JSAS0602E: No valid transport tagged components exist in the IOR.
Explanation The transport tag is not a recognized or supported transport. Action Determine what transports are supported on the server you are connecting to by examining the security configuration and the sas.server.props file.
JSAS0603E: The server does not support SSL/TLS, but the client is configured to require it.
Explanation The connection was not successful because the client requires SSL but the server does not support it. Action If SSL is not a requirement, change the client configuration to support, not require, SSL. If SSL is a requirement, configure the server to support SSL.
JSAS0604E: The client requires SSL client certificate authentication but the server does not support it.
Explanation The server does not support SSL client authentication. Action Connect using BasicAuth client authentication, specifying a user name and password.
JSAS0605E: The client supports SSL client certificate authentication but the server does not support it.
Explanation The server will not authenticate the client using SSL client certificates. Action Connect using BasicAuth client authentication, specifying a user name and password.
JSAS0606E: The server requires SSL client certificate authentication but the client does not support it.
Explanation The client is not configured to use SSL client certificate authentication. Action Review the client configuration to ensure it is set up to perform SSL client certificate authentication.
JSAS0607E: The client requires SSL Confidentiality but the server does not support it.
Explanation The client requires SSL confidentiality but the server does not support it. Action Remove the SSL confidentiality requirement from the client. If this is not possible, configure the server to support it.
JSAS0608E: The server requires SSL Confidentiality but the client does not support it.
Explanation The server requires SSL confidentiality but the client does not support it. Action Set the com.ibm.CSI.performTransportAssocSSLTLSSupported property to true in the sas.client.props file to support confidentiality.
JSAS0609E: The client requires SSL Integrity but the server does not support it.
Explanation The client requires SSL Integrity but the server does not support it. Action Remove the integrity requirement from the client. If this is not possible, configure the server to support it.
JSAS0610E: The server requires SSL Integrity but the client does not support it.
Explanation The server requires SSL Integrity but the client does not support it. Action Modify the client configuration to support Integrity.
JSAS0611E: No authentication mechanism is defined at client authentication layer.
Explanation The Common Secure Interoperability version 2 (CSIv2) tagged component did not specify an authentication mechanism. Action Retry the client application or restart the server to export the Interoperable Object Reference (IOR) for the object again.
JSAS0612E: The client requires client authentication (e.g., userid/password or token), but the server does not support it.
Explanation The server currently will not accept BasicAuth authentication or any other client authentication mechanism. Action Configure the client for SSL client authentication or contact the server administrator.
JSAS0613E: The server requires client authentication (e.g., userid/password or token), but the client does not support it.
Explanation The client currently will not accept BasicAuth authentication or any other client authentication mechanism. Action Configure the client for BasicAuth aclient authentication or contact the server administrator.
JSAS0614E: The authentication mechanism OID supplied by the server is an unsupported OID for this WebSphere release.
Explanation The server is supplying an unsupported object ID (OID). Action Try using SSL client certificate authentication.
JSAS0615E: The client configuration specifies the Kerberos authentication mechanism, but the server does not support it.
Explanation The authentication mechanism of the server is not supported by the client. Action Modify the authenticationTarget property in the client configuration to a value that is supported by the server.
JSAS0616E: The client configuration specifies the LTPA authentication mechanism, but the server does not support it.
Explanation The authentication mechanism of the server is not supported by the client. Action Modify the authenticationTarget property in the client configuration to a value that is supported by the server.
JSAS0617E: The client configuration specifies the Custom authentication mechanism, but the server does not support it.
Explanation The authentication mechanism of the server is not supported by the client. Action Modify the authenticationTarget property in the client configuration to a value that is supported by the server.
JSAS0618E: The target security name is NULL in CSIv2 tagged component.
Explanation A value in the Common Secure Interoperability version 2 (CSIv2) tagged component required for client authentication is null. Action Try using SSL client authentication or contact the system administrator.
JSAS0619E: The sending server requires Identity Assertion but the receiving server does not support it.
Explanation The receiving server has not been configured for Identity Assertion. It is a requirement of the sending server that the receiving server be configured for Identity Assertion. Action Modify the configuration on the receiving server to support Identity Assertion.
JSAS0620E: No supported naming mechanisms are defined in attribute layer for Identity Assertion.
Explanation A naming mechanism is needed to determine how to encode and decode the identity token. Action The receiving server might not support Identity Assertion. Try contacting the system administrator of the receiving server.
JSAS0621E: The target server does not support any identity token types.
Explanation The target server likely does not support Identity Assertion. Action The target server might need to review how it exports the tagged components. Contact the system administrator of the target server.
JSAS0622E: [{0}] GSSEncodeDecodeException has occurred: {1}
Explanation An exception has occurred while encoding or decoding security information. Action See the problem determination information on the WAS Support Web page: //publib.boulder.ibm.com/infocenter/wasinfo/v8r0/index.jsp?topic=/ ://www.ibm.com/software/webservers/appserv/was/support.
JSAS0623E: [{0}] The verificationLevel property contains an illegal option; the default is {1}.
Explanation Valid property values are activelycorrect, passivelycorrect, consistency, and completeness. Action Specify a valid value for the verification level property.
JSAS0624E: [{0}] Exception caught when instantiating Custom authentication mechanism instance {1}, message: {2}, exception: {3}
Explanation The custom authentication mechanism when implements WSSecurityContext interface is having problems being instantiated. Action Review the constructor of this class to confirm the proper class is specified in the security configuration.
JSAS0625E: [{0}] Cannot instantiate WSSecurityContext instance for OID: {1}
Explanation The object ID (OID) specified in the credential does not have a corresponding WSSecurityContext implementation. Action Ensure that the WSSecurityContext configuration specifies an implementation for this OID.
JSAS0626E: [{0}] OID verification failed: credential OID ({1}) != configured OID ({2}).
Explanation The credential has an object ID (OID) which does not match the configured authenticationTarget OID. Action Modify the authenticationTarget property to support the credential OID.
JSAS0627E: [{0}] The com.ibm.CSI.protocol property has an invalid value: {1}. Setting the protocol to {2}.
Explanation The valid protocol values for the com.ibm.CSI.protocol property are ibm, csiv2, and both. Action Specify a valid value for the com.ibm.CSI.protocol property.
JSAS0628E: [{0}] The authenticationRetryCount property contains a non-integer string value; the default is {1}.
Explanation The authenticationRetryCount property must contain an integer value. Action Specify an integer value for the authenticationRetryCount property.
JSAS0629E: [{0}] MalformedURLException reading com.ibm.CORBA.ConfigURL={1}. Exception: {2}
Explanation The value of the com.ibm.CORBA.ConfigURL property is not in a valid URL format. Action Specify a valid value for the com.ibm.CORBA.ConfigURL property, and ensure there is only a single / after file: in the URL string.
JSAS0630E: [{0}] IOException reading com.ibm.CORBA.ConfigURL={1}. Exception: {2}
Explanation The file specified by the com.ibm.CORBA.ConfigURL property does not exist or is not in a valid format. Action Confirm the file exists in the location specified. If the file exists in that location, ensure the URL is in the valid format.
JSAS0631E: [{0}] Exception reading com.ibm.CORBA.ConfigURL={1}. Exception: {2}
Explanation The file specified by the com.ibm.CORBA.ConfigURL property does not exist or is not in a valid format. Action Confirm the file exists in the location specified. If the file exists in that location, ensure the URL is in the valid format.
JSAS0632E: [{0}] PrivilegedActionException reading com.ibm.CORBA.ConfigURL={1}. Exception: {2}
Explanation The SecurityManager needs read access to read the com.ibm.CORBA.ConfigURL property. Action Specify at least read access for this property in the java.security file.
JSAS0633E: [{0}] NoSuchAlgorithmException - This exception is thrown when a particular cryptographic algorithm is requested but is not available in the environment. Exception: {1}
Explanation This exception is occurs when a particular cryptographic algorithm is requested but is not available in the environment. Action Confirm the cipher and security provider specified in the SSL configuration are valid.
JSAS0634E: [{0}] KeyStoreException - This is the generic KeyStore exception. Exception: {1}
Explanation This is a general exception that occurs when trying to access a keystore file. Action Ensure the following are all correct: the location of the keystore, the password used to access the keystore and the keystore type.
JSAS0635E: [{0}] UnrecoverableKeyException - This exception is thrown if a key in the keystore cannot be recovered. Exception: {1}
Explanation This exception is created if a key in the keystore file can not be recovered. Action This usually indicates the keystore file has been corrupted. Ensure that the keystore type specified is valid, as this is another possible cause for this exception.
JSAS0636E: [{0}] NoSuchProviderException - This exception is thrown when a particular security provider is requested but is not available in the environment. Exception: {1}
Explanation This exception is created when a specific security provider is requested but it is not available in the environment. Action Confirm that the keyStoreProvider, trustStoreProvider property, and sslContextProvider propreties have valid security providers specified.
JSAS0637E: [{0}] KeyManagementException - This is the general key management exception, for all operations dealing with key management. Subclasses could include: KeyIDConflict, KeyAuthorizationFailureException, ExpiredKeyException. Exception: {1}
Explanation This is the general key management exception for all operations dealing with key management. Subclasses include: KeyIDConflict, KeyAuthorizationFailureException, ExpiredKeyException. Action Check that the certificates within the keystore are not expired and can all be viewed from within the IKeyMan program.
JSAS0638E: [{0}] Client authentication required at the server but no principal information is present in the {1} method request from client {2}.
Explanation When client authentication is required at the server, a principal must be sent for the request to be handled. Action Ensure that the client is configured with the correct credentials to issue a request to this server.
JSAS0639E: The ID received for identity assertion ({0}) is not trusted by the server, most likely because the ID does not have CONTROL access to the CBIND profile in the RACF (Resource Access Control Facility) database.
Explanation When the platform is z/OS and the Local Operating System is configured as the user realm, the asserted ID must have CONTROL authority for the CBIND profile in RACF in order for the server to establish trust. Action Verify that the ID listed in the message has CONTROL permission to the CBIND profile in RACF.
JSAS0801E: The received admin RSA token has an expired timestamp of {0} where the current local timestamp is {1}. Check for clock skew issues between servers.
Explanation The timestamp in the RSA token is later than the current time of the receiving server. Action Ensure there are no clock skews between servers. Increase the RSA tokenExpiration if the default of 10 minutes is not sufficient for a one-time use token.
JSAS0802E: The received admin RSA token has a nonce value that has been used recently in this process. This could indicate a replay attack."
Explanation A nonce is a value that can be used only once to prevent replay attacks. This token uses a nonce for this purpose and has received the same nonce more than once. Action A replay attack may have occurred. Some investigation of the sending process may be warrented.
JSAS0803E: The received admin RSA token failed validation. The exception message is: {0}
Explanation The token received could not be validated. This will typically occur when the signer of the sending process was not stored in the admin trust store. Action If there error is related to validating certificates, then find out the sending process and add the sending server's signer certificate to the receiving server's trust store.
JSAS0804E: An error occurred trying to create an admin RSA token using target certificate with distinguished name of {0}. The exception message is: {1}.
Explanation The RSA token could not be created due to an error with the target certificate or the Subject. Action Ensure there's a valid Subject on the thread or that the target certificate was received. Check FFDC logs for related errors.
JSAS0805W: The current OID is not the preferred admin authentication mechanism of RSAToken.
Explanation This occurs when a tag contains an OID that does not match to target RSAToken OID. Action No action required unless RSAToken OID never appears. In that case it should fall back to LTPA.
JSAS0806W: The current OID is not the preferred admin authentication mechanism of LTPA.
Explanation This occurs when a tag contains an OID that does not match to target LTPA OID. Action The target server does not have LTPA configured.
JSAS0807W: The current OID is not the preferred admin authentication mechanism of KRB5.
Explanation This occurs when a tag contains an OID that does not match to target KRB5 OID. Action The target server does not have KRB5 configured.
JSAS0808E: The preferred admin authentication mechanism is not a known ADMIN mechanism.
Explanation The supported admin authentication mechanisms are RSA, LTPA, and KRB5. Action Another authentication mechanism besides one of the supported mechanisms is configured incorrectly.
JSAS0809E: The current OID is RSA but this is not an Admin request.
Explanation The RSA authentication mechanism is only for admin requests but is being used for an application request. Action If this continues, try changing the admin mechanism to LTPA and ensure the realm is trusted and LTPA keys are the same between processes.
JSAS1400I: The configuration appears to be actively correct.
Explanation This message is for informational purposes only. Action No action is required.
JSAS1401I: The configuration has been initialized.
Explanation This message is for informational purposes only. Action No action is required.
JSAS1402I: Security has been enabled.
Explanation This message is for informational purposes only. Action No action is required.
JSAS1404I: The login source has been set:
Explanation This message is for informational purposes only. Action No action is required.
JSAS1405I: The login userid has been set:
Explanation This message is for informational purposes only. Action No action is required.
JSAS1406I: The login password has been set:
Explanation This message is for informational purposes only. Action No action is required.
JSAS1407I: The keytab file name has been set:
Explanation This message is for informational purposes only. Action No action is required.
JSAS1408I: The key file name has been set:
Explanation This message is for informational purposes only. Action No action is required.
JSAS1409I: The principal has been set: {1}
Explanation This message is for informational purposes only. Action No action is required.
JSAS1410I: The principal was not set:
Explanation This message is for informational purposes only. Action No action is required.
JSAS1411I: DCE client-association has been enabled.
Explanation This message is for informational purposes only. Action No action is required.
JSAS1412I: DCE server-association has been enabled.
Explanation This message is for informational purposes only. Action No action is required.
JSAS1413I: SSL Type-I client-association has been enabled.
Explanation This message is for informational purposes only. Action No action is required.
JSAS1414I: SSL Type-I server-association has been enabled.
Explanation This message is for informational purposes only. Action No action is required.
JSAS1415I: LTPA client-association has been enabled.
Explanation This message is for informational purposes only. Action No action is required.
JSAS1416I: LTPA server-association has been enabled.
Explanation This message is for informational purposes only. Action No action is required.
JSAS1417I: Local operating system client-association has been enabled.
Explanation This message is for informational purposes only. Action No action is required.
JSAS1418I: Local operating system server-association has been enabled.
Explanation This message is for informational purposes only. Action No action is required.
JSAS1419I: The authentication target has been set:
Explanation This message is for informational purposes only. Action No action is required.
JSAS1422I: The SSL session timeout has been set:
Explanation This message is for informational purposes only. Action No action is required.
JSAS1423I: The SSL credentials timeout has been set:
Explanation This message is for informational purposes only. Action No action is required.
JSAS1425I: The SSL port has been set:
Explanation This message is for informational purposes only. Action No action is required.
JSAS1426I: The standard perform-QOP model has been set:
Explanation This message is for informational purposes only. Action No action is required.
JSAS1427I: The perform client-authentication has been set:
Explanation This message is for informational purposes only. Action No action is required.
JSAS1428I: The perform server-authentication has been set:
Explanation This message is for informational purposes only. Action No action is required.
JSAS1429I: The perform message replay detection has been set:
Explanation This message is for informational purposes only. Action No action is required.
JSAS1430I: The perform message out-of-sequence detection has been set:
Explanation This message is for informational purposes only. Action No action is required.
JSAS1431I: The perform message integrity has been set:
Explanation This message is for informational purposes only. Action No action is required.
JSAS1432I: The perform message confidentiality has been set:
Explanation This message is for informational purposes only. Action No action is required.
JSAS1433I: The standard claim-QOP model has been set:
Explanation This message is for informational purposes only. Action No action is required.
JSAS1434I: The claim client-authentication required has been set:
Explanation This message is for informational purposes only. Action No action is required.
JSAS1435I: The claim server-authentication required has been set:
Explanation This message is for informational purposes only. Action No action is required.
JSAS1436I: The claim message replay detection required has been set:
Explanation This message is for informational purposes only. Action No action is required.
JSAS1437I: The claim message out-of-sequence detection required has been set:
Explanation This message is for informational purposes only. Action No action is required.
JSAS1438I: The claim message integrity required has been set:
Explanation This message is for informational purposes only. Action No action is required.
JSAS1439I: The claim message confidentiality required has been set:
Explanation This message is for informational purposes only. Action No action is required.
JSAS1440I: The claim client-authentication supported has been set:
Explanation This message is for informational purposes only. Action No action is required.
JSAS1441I: The claim server-authentication supported has been set:
Explanation This message is for informational purposes only. Action No action is required.
JSAS1442I: The claim message replay detection supported has been set:
Explanation This message is for informational purposes only. Action No action is required.
JSAS1443I: The claim message out-of-sequence supported has been set:
Explanation This message is for informational purposes only. Action No action is required.
JSAS1444I: The claim message integrity supported has been set:
Explanation This message is for informational purposes only. Action No action is required.
JSAS1445I: The claim message confidentiality supported has been set:
Explanation This message is for informational purposes only. Action No action is required.
JSAS1446I: The delegation mode has been set:
Explanation This message is for informational purposes only. Action No action is required.
JSAS1447I: The security service will not be disabled during bootstrap activation.
Explanation This message is for informational purposes only. Action No action is required.
JSAS1448I: The security bootstrap repository port has been set:
Explanation This message is for informational purposes only. Action No action is required.
JSAS1449I: The configuration appears to be complete.
Explanation This message is for informational purposes only. Action No action is required.
JSAS1450I: The configuration appears to be consistent.
Explanation This message is for informational purposes only. Action No action is required.
JSAS1451I: The configuration appears to be passively correct.
Explanation This message is for informational purposes only. Action No action is required.
JSAS1452I: The SSL server keystore has been set:
Explanation This message is for informational purposes only. Action No action is required.
JSAS1453I: The SSL server keystore password has been set:
Explanation This message is for informational purposes only. Action No action is required.
JSAS1454I: The indicated entry was not found in the key file.
Explanation This message is for informational purposes only. Action No action is required.
JSAS1455I: Unable to login principal: null authentication information.
Explanation This message is for informational purposes only. Action No action is required.
JSAS1456I: Trying again to form a secure association with the target.
Explanation This message is for informational purposes only. Action No action is required.
JSAS1457I: [{0}] We couldn''t close the security bootstrap repository. {1}
Explanation This message is for informational purposes only. Action No action is required.
JSAS1458I: BasicAuth credentials will not expire.
Explanation This message is for informational purposes only. Action No action is required.
JSAS1459I: The BasicAuth credentials expiration has been set:
Explanation This message is for informational purposes only. Action No action is required.
JSAS1460I: Successfully loaded configured key file:
Explanation This message is for informational purposes only. Action No action is required.
JSAS1461I: SSL security compound tag will be exported.
Explanation This message is for informational purposes only. Action No action is required.
JSAS1474W: [{0}] Unable to refresh the server''s credentials, reset to minimum expiration time. Restart the server.
Explanation The server credential needs to be refreshed so that the token does not expire. This message indicates that the refresh was not successful. This could be due to a problem logging into the server to get a new credential token or the credential has been marked invalid. The expiration time will be set explicitly to temporarily correct the problem. Action Restart the server.
JSAS1475W: [{0}] The following exception occurred on the server, sending context error back to client: {1}
Explanation This logs any system exception which occurs on the server by the security interceptor or any other interceptor called after the security interceptor. Action This exception is sometimes normal, such as a NO_PERMISSION exception occurring due to a user name and password that are not valid. Otherwise, see the problem determination information on the WAS Support Web page: //publib.boulder.ibm.com/infocenter/wasinfo/v8r0/index.jsp?topic=/ ://www.ibm.com/software/webservers/appserv/was/support.
JSAS1476W: [{0}] The following exception was received from the server: {1}
Explanation This logs any system exception which occurs on the server by the security request interceptor or any other request interceptor called after the security request interceptor. Action This exception is sometimes normal, such as a NO_PERMISSION exception occurring due to a user name and password that are not valid. Otherwise, see the problem determination information on the WAS Support Web page: //publib.boulder.ibm.com/infocenter/wasinfo/v8r0/index.jsp?topic=/ ://www.ibm.com/software/webservers/appserv/was/support.
JSAS1477W: SECURITY CLIENT/SERVER CONFIG MISMATCH: The client security configuration (sas.client.props or outbound settings in GUI) does not support the server security configuration for the following reasons:
Explanation The configuration on the client is not consistent with the configuration on the server for the specific reasons displayed after the warning message. Action Use the specified reasons reported the warning message as a guideline to modify the client and server security configurations so that they match.
JSAS1478W: Security cannot be enabled because the ConfigURL property cannot be processed!
Explanation The com.ibm.CORBA.ConfigURL property specified in setupCmdLine.bat or on the java command line is not valid. Action Confirm the file being specified for the com.ibm.CORBA.ConfigURL property exists.
JSAS1479W: The target realm [{0}] does not match the current realm [{1}]. Specify the target realm in the Trusted target realms field. From the AdminConsole, go to: Security -> Global Security -> RMI/IIOP security -> CSIv2 Outbound Authentication.
Explanation The target realm does not match the current realm. The application server did not send the client request because the target realm might not be trusted. Action Add the intended target realm to the Trusted target realms field using the admininstrative console at Security -> Global Security -> RMI/IIOP security -> CSIv2 Outbound Authentication.
JSAS1480I: Security is not enabled because the ConfigURL property file is not set.
Explanation The com.ibm.CORBA.ConfigURL property specified in setupCmdLine.bat or on the java command line is not set. Action To enable security, set the com.ibm.CORBA.ConfigURL property to a properties file which exists, such as the sas.client.props file.
JSAS1500E: [{0}] AuditEventFactory initialization failed.
Explanation This exception is likely caused by an error in the security configuration or the registered factory did not implement the J2EEAuditEventFactory interface. Action Check the security configuration, specifically the AuditEventFactory implementation.
JSAS1501E: [{0}] J2EEAuditEventFactory was not initialized.
Explanation This exception is likely caused by an error in the security configuration. Action Check the security configuration, specifically the J2EEAuditEventFactory implementation.
JSAS1502E: Auditing is enabled but could not get a handle to the audit context objects.
Explanation Could not obtain a handle to the Audit context objects in order to be able to populate with event data. Action Examine the exception for the cause of the problem.
JSAS1503E: AuditServiceProvider failure logging audit event, Exception = {0}.
Explanation A failure occurred in the auditing subsystem, preventing the event from being processed/logged. Action Examine the exception for the cause of the problem.
JSAS1504E: The server does not support the client authentication mechanism: {0}
Explanation The client and server do not support the same authentication target. Action Examine the client and server authentication target.
JSAS1505E: LTPA WSCredential can not go outbound with Kerberos authentication.
Explanation The client and server do not support the same authentication target. Action Examine the client and server authentication targets.
JSAS1506E: Kerberos WSCredential without GSSCredential can not go outbound with Kerberos authentication.
Explanation The client and server do not support the same authentication target. Action Examine the client and server authentication targets.
JSAS2020W: [{0}] Unable to get credentials. Verify the userid/password supplied is correct. Try restarting the client program to resolve the problem. Increasing the credential timeout value could reduce the likelihood of this error occurring.
Explanation The credentials supplied are either invalid or null. An attempt is being made to login as unauthenticated. If the resource is unprotected, the invocation should succeed. Action Verify that the user name and password supplied are correct. Try restarting the client program to resolve the problem. Increasing the credential timeout value could reduce the likelihood of this error occurring.
JSAS2030W: [{0}] Trying unauthenticated login. Verify the userid/password supplied is correct. Try restarting the client program to resolve the problem. Increasing the credential timeout value could reduce the likelihood of this error occurring.
Explanation The credentials supplied are either invalid or null. An attempt is being made to login as unauthenticated. If the resource is unprotected, the invocation should succeed. Action Verify that the user name and password supplied are correct. Try restarting the client program to resolve the problem. Increasing the credential timeout value could reduce the likelihood of this error occurring.
JSAS2040W: [{0}] No ConnectionData object attached to RequestHolder. Verify the classpath on the client and server both contain the same SAS.JAR and the same SAS e-fixes.
Explanation The type of connection data object is not valid. There could be a problem with the classes loaded from the classpath. Action Verify the classpath on the client and server both contain the same sas.jar file and have the same interim fixes.
JSAS2070W: [{0}] Session entry already exists. Try to login again.
Explanation This message indicates that the session being added has already been added. Action Try to log in again.
JSAS2100W: [{0}] Null Credentials list. If an unauthenticated request is not desired, check the client login userid/password to verify correctness. Review the login source property in the sas.client.props.
Explanation The credentials list passed into the init_security_context method are null. An unauthenticated request will be attempted. Action If you do not want to attempt an unauthenticated, confirm the user name and password used for the client login are correct. Review the login source property in the sas.client.props file.
JSAS2120W: [{0}] Security enabled, but EstablishTrustInClient is not set in IOR. If mutual authentication is desired, check the standardPerformQOPModels property so that it is set to authenticity, integrity, or confidentiality.
Explanation The standardPerformQOPModels property in the sas.client.props file might not be set for mutual authentication. Action If mutual authentication is intended, ensure the standardPerformQOPModels property is set to authenticity, integrity, or confidentiality.
JSAS2403W: [{0}] DCE Security Tag not found in IOR. Verify that the client program is attempting the access the correct object. This message could be benign if the object method does not require security to be invoked.
Explanation The Interoperable Object Reference (IOR) does not contain a Distributed Computing Environment (DCE) security tag. This tag contains the target security name, mechanism and required quality of protection (QOP). Action Verify that the client program is attempting to access the correct object. This message could be benign if the object method does not require security to be invoked.
JSAS2404W: [{0}] SSL Security Tag not found in IOR. Verify that the client program is attempting the access the correct object. This message could be benign if the object method does not require security to be invoked.
Explanation The Interoperable Object Reference (IOR) does not contain an SSL security tag. This tag contains the port, required quality of protection (QOP) and supported QOP. Action Verify that the client program is attempting to access the correct object. This message could be benign if the object method does not require security to be invoked.
JSAS2405W: [{0}] Unable to get client security name from credentials. Restart the client so that new credentials will be created. Check with your user registry administrator to ensure the user data is valid.
Explanation This message indicates that the attributes stored in the credential can not be retrieved due to a java runtime exception. Action Restart the client to create new credentials. Confirm that the user data provided is consistent with the data in the user registry.
JSAS2406W: [{0}] SSL Security Compound Tag not found in IOR. Verify that the client program is attempting the access the correct object. This message could be benign if the object method does not require security to be invoked.
Explanation The Interoperable Object Reference (IOR) does not contain an SSL security compound tag. This tag contains the port, required quality of protection (QOP) and supported QOP, target's client authentication type, realm name and full security name. Action Verify that the client program is attempting to access the correct object. This message could be benign if the object method does not require security to be invoked.